We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Step 4 - Choose Your Deployment

  • Last updated on

CONFIGURE G SUITE JOURNALING

You must configure G Suite to send archived mail directly to the Barracuda Cloud Archiving Service. 

Google IP address ranges and user interface can change; refer to the G Apps Administrator Help articles Google IP address ranges and Add mail routes with the Hosts tab.

G Suite Enterprise and G Suite Enterprise for Education include some built-in archiving capability. For additional information, see the G Suite Administrator Help solution Integrate Gmail with a third-party archiving solution.

Step 1. Activate the Service

  1. Log in to Barracuda Cloud Archiving Service, and click Set up to the right of Cloud Archiving Service:
    BCASSetup.png 
  2. Select your geographic location from the Country drop-down menu, and click Activate.

Step 2. Add Users to Your Barracuda Cloud Control Account

Add users through LDAP authentication and associate a role and whose mail can be viewed with an LDAP user or group, or manually configure and assign roles to local accounts in the web interface.

Understanding Roles
  • User – Able only to view messages accessible to the account, either because the username for the account is also that of the sender or recipient of a message, or because it has been given explicit access to view an email address via Alias Linking.
  • Auditor  Able to create and activate policies, and view, search, and export any messages to/from the domains to which they have access. Additionally, Auditors can save and name an Advanced search for re-execution at a later time from the Saved Searches tab. To create a Domain Auditor (an auditor with access to only a subset of the domains on your Barracuda Cloud Archiving Service), set the role to Auditor and specify at least one domain. If no domains are specified, then all messages in the entire Barracuda Cloud Archiving Service are accessible. No auditor account has access to any system or network configuration information on the Barracuda Cloud Archiving Service.
  • Admin – Able to view all items from any user, not just those listed for the account. Also able to create and activate policies, and can make other system or network changes.
Active Directory Configuration

Add LDAP Active Directory

Use the following steps to set up Barracuda Cloud Control LDAP authentication:

  1. Log in to https://login.barracudanetworks.com/ as the account administrator, and go to Admin > Directories.

  2. Click Add Directory > LDAP Active Directory; the Create Directory wizard displays. In the Info page, specify the following details:
    1. Enter a name to represent the directory in the Directory Name field.
    2. Toggle User / Group Sync to On to synchronize with AD.
    3. Toggle Authenticate to On to allow users to authenticate using their LDAP AD credentials. When toggled Off, users must authenticate using their Barracuda Cloud Control credentials.
    4. Optionally, enter the administrator contact email address:
      CreateDirectory.png
  3. Click Save & Continue.
  4. In the Host page, enter the following details for your LDAP host:
    1. LDAP Host IP address

    2. LDAP Host Port

    3. Base domain name

    4. Username

    5. Password

    6. Select the Connection Security as STARTTLS, LDAPS, or None.

  5. Click Add Domain; the domain is added to the Domains field. Click Verify.
  6. Click Test to verify connectivity. If the connection is successful, Connected displays. If the connection fails, verify the entered LDAP host details. Click Continue.
  7. In the Domains page, click Add domain to add the domain to the AD configuration. Complete this step for each domain you want to add.
  8. To verify you own the domains you plan to include in your AD configuration, select the manner in which to verify the domains:
    • Copy a META tag to your domain header, or
    • Add a TXT record to your host's DNS management settings
      VerifyDomain.png
  9. Click Verify. Once the domain is verified, it is added to the Directories table in the Admin > Directories page in Barracuda Cloud Control.

Add Azure Active Directory

See also: Azure AD with Active Directory Federation Services

Use the following steps to set up Barracuda Cloud Control Azure AD authentication:

  1. Log in to https://login.barracudanetworks.com/ as the account administrator, and go to Admin > Directories.

  2. Click Add Directory > Azure Active Directory; the Create Directory wizard displays. In the Info page, enter a name to represent the directory in the Directory Name field.
  3. Click Connect to Microsoft to sign in to Microsoft and authorize Barracuda Cloud Control to connect to your Azure AD account.
  4. Once authorization is complete, toggle User / Group Sync to On to synchronize with Azure AD.
  5. Toggle Authenticate to On to allow users to authenticate using their Azure AD credentials. When toggled Off, users must authenticate using their Barracuda Cloud Control credentials.
  6. Optionally, enter the administrator contact email address. Click Save & Continue.
  7. Once verification is complete, your Azure AD domains display in the wizard. Click Done.

Associate a Role

  1. Go to the Users > LDAP User Add/Update page.
  2. In the LDAP User/Group field, enter the LDAP User or Group name to which the permissions apply.
  3. Select the Role for the specified LDAP user or group account:
    1. User Role – Specify mailbox addresses to include or exclude from the LDAP account:
      • Include these Addresses – Enter a mailbox address that you wish to make available to the specified LDAP account, and then click Add.

      • Exclude these Addresses – Enter a mailbox address that you wish to hide from the specified LDAP account, and then click Add.

    2. Auditor Role – Configure the desired permissions:

      • Domains – Enter a domain for which the auditor can view mail, and then click Add.

      • Saved Search – Define Saved Searches on the Basic > Search page, and then select the desired Saved Search from the drop-down menu to filter the auditor's search results.

      • Exclude these addresses – Enter a mailbox address that you want to hide from the specified LDAP account, and then click Add.

    3. Admin Role – Specify mailbox addresses that you want to hide from the specified LDAP account, and then click Add.

  4. Click Save.

For end-user authentication, refer to How to Set Up LDAP Groups for End-User Authentication.

Manually Add Local Accounts

Local accounts reside only on the Barracuda Cloud Archiving Service.

  1. Go to the Users > User Add/Update page, and enter the user's Email Address and the User Display Name.
  2. Enter all aliases associated with the entered email address, one entry per line.
  3. Enter the account password and select the user role for the account.
  4. If you select the user role Auditor enter the following additional details:
    • Enter a domain for which the auditor can view messages and other Outlook items, and click Add. Any messages that includes an email address in the listed domains in either the From, To, or CC/Bcc areas, or any items that belong to a user in the specified domains, display in search results. To allow the auditor to view all items from all domains, leave this field blank.
    • In the Saved Search drop-down menu, select a defined Saved-Search to automatically apply to all searches performed by this auditor. Note that the parameters in the Saved Search take precedence over any domain limitations that may be specified above, as well as over any attempts by the auditor to Search As any other account. 

Step 3. Obtain Your Journaling Address

  1. Log in to the Barracuda Cloud Archiving Service, and go to the Mail Sources > SMTP Journaling page.
  2. Verify your journaling address.

Step 4. Configure G Suite

  1. Sign in to the G Suite domain console, and go to Apps > G Suite > Gmail > Advanced settings.
  2. Scroll to Routing, and click Configure.
  3. Enter a unique name to identify the setting, and select all check boxes under Messages to affect:
    bcas_messages_to_affect.png
  4. In the Also deliver to section, click Add more recipients, and click Add.
  5. Under Recipients, select Advanced from the drop-down menu.
  6. In the Envelope recipient section, select Change envelope recipient.
  7. In the Replace recipient field, enter the journaling address from the Barracuda Cloud Archiving Service Mail Sources > SMTP Journaling page.
  8. Clear Do not deliver spam to this recipient and select Suppress bounces from this recipient
  9. Click Save, and click Add Setting.
  10. Click Save.

CONFIGURE OFFICE 365 JOURNALING

Use the steps in this article to ensure that a copy of all mail sent from and received by users in Office 365 is sent to the Barracuda Cloud Archiving Service.

Hybrid Deployment

In a Hybrid deployment, where some mailboxes are on-premise Exchange Server and some Office 365 Exchange Online, you must set up a journaling rule on both the on-premise Exchange Server and Office 365 to capture inbound, outbound, and internal mail.

Warning! Hybrid deployment can cause duplicate mails in some environments. This is an issue with Hybrid deployment and not with your Barracuda Cloud Archiving Service. Contact your Barracuda Sales or Support representative for more information.

Use the following articles to set up journaling based on the version of Exchange Server running in your environment:

See also: Microsoft TechNet article Journaling

Step 1. Configure Local Domains

Add email domains and fully-qualified domain names (FQDNs) you want to archive. The FQDN consists of a host or system name and domain name, including the top-level domain. Any messages sent to any recipient in the listed domains are added to the archive.

  1. Go to the Basic > Domain Management page, and enter the domain or FQDN in the LOCAL DOMAINS field.
  2. Click Add, and then click Save.

Step 2. Configure Journaling

Option 1. Configure Journaling from the Web Interface

  1. Go to the Mail Sources > SMTP Journaling page.
  2. Go to Journaling Setup Scripts > Office 365 Setup Script, and click Run Script.
  3. Follow the onscreen prompts to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service.

Option 2. Configure Journaling via Script

  1. Go to the Mail Sources > SMTP Journaling page.
  2. In the Journaling Setup Scripts section, click Download to save the PowerShell script to your local system, or click Show Script to copy the script to your clipboard.
  3. Open Windows PowerShell, and run the script to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service.

Option 3. Manually Configure Journaling

Step 1. Add a Remote Domain and Connector

  1. Log in to Office 365 Exchange admin center.
  2. Select mail flow > remote domains.
  3. Click the + symbol. In the new remote domain, complete the following:
    1. Name – Type Barracuda Cloud Archiving Service
    2. Remote DomainType your region-specific MAS hostname, for example: mas.barracudanetworks.com

      See Data Centers by Region for a list of region-specific MAS hostnames.

    3. Out of Office automatic reply types – Select None
    4. Automatic replies – Select Allow automatic forwarding
    5. Message reporting – Clear all options
    6. Use rich-text format – Select Never
    7. Supported Character Set – Set both options to None
      NewRemoteDomain.png
  4. Click Save.
  5. Click Mail flow > connectors, and click the + symbol.
  6. The Select your mail flow scenario page displays.
  7. From the From drop-down menu, select Office 365, and from the To drop-down menu, select Partner organization:
    MailFlowScenario.png  
  8. Enter a Name and (optional) Description to identify the connector:
    BCASNewConnector.png 

  9. Click Next. Select  Only when email messages are sent to these domains, click the + symbol, and in the add domain field, type your region-specific MAS hostname, for example: mas.barracudanetworks.com

    See Data Centers by Region for a list of region-specific MAS hostnames.

     AddDomain2.png

  10. Click OK:
    AddDomainMas.png

  11. Click Next. Select Use the MX record associated with the partner's domain:
    UseMXRecords.png
  12. Select Always use Transport Layer Security (TLS) to secure the connection (recommended) > Any digital certificate, including self-signed certificates:
    TLS.png
  13. Click Next. In the confirmation page, verify your settings:
    ConfirmSettings.png
  14. Click Next. Office 365 runs a test to verify your settings.

  15. Go to the Mail Sources > SMTP Journaling page in the Barracuda Cloud Archiving Service, and copy the email address from the SMTP Journaling Info section, for example: bma_mycompany@mas.barracudanetworks.com

  16. In Office 365, paste this email address into the provided field in the Verification page, and click Validate.

    Note that the sending email portion of the verification may fail depending on your Office 365 configuration. This is not a concern as long as it passes the connectivity test.

  17. Once the verification is complete, your mail flow settings are added.

Step 2. Create a Non-Delivery Report Recipient

Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports:
ndr_warning.png 

To create an NDR recipient,

  1. Log in to your Office 365 Exchange admin center.
  2. Select compliance management > journal rules.
  3. If an NDR email recipient is not already specified, click Select address to the right of Send undeliverable journal reports to field:
    SelectAddress.png 
  4. Browse to and select a recipient from the address book.
  5. You can search for a recipient by typing all or part of a display name, and then clicking the Search icon, or click on either the Display Name or E-Mail Address heading to sort the list.
  6. Click OK once you select a recipient, and in the NDRs for undeliverable journal reports window, click Save.

    Best Practice
    Create a shared mailbox and use that mailbox as the NDR recipient.

Step 3. Configure Office 365 to Send Journal Mail

  1. Log in to Office 365 Exchange admin center.
  2. Select compliance management > journal rules.
  3. Click the + symbol. In the new journal rule dialog box, complete the following:
    1. Send journal reports to – Enter the journaling address from the Mail Sources > SMTP Journaling page in the Barracuda Cloud Archiving web interface. This is called the journaling mailbox.
    2. Name – By default, the name of the journal rule is automatically generated from the journal recipients. If there are existing journal rules that contain the same journal recipients, numbers are automatically appended to the journal rule name to avoid duplicates. If you choose to override the automatically-generated name by typing in a custom name, verify the name is unique and descriptive.
    3. If the message is sent to or received from – Select Apply to all messages to journal all recipients.
    4. Journal the following messages – Select All messages to journal all messages regardless of source or destination:
      journalRule.png

      Because the journaling mailbox may contain sensitive information, it is recommended that you create organization-wide policies that govern who can access the journaling mailboxes in your organization.

  4. Click Save. The rule is added to the journal rules table.

Once you complete your deployment configuration, mail begins forwarding to the Barracuda Cloud Archiving Service. Log in to the web interface as the administrator, and go to the Basic > Dashboard page. Processed mail displays in the Message Statistics table. Statistics are cached and may take up to 30 minutes to appear.

For additional configuration options and features, log in to the web interface and click Help.

CONFIGURE ENVELOPE JOURNALING FOR MICROSOFT EXCHANGE SERVER 2013 AND NEWER - STANDARD

 

Microsoft Exchange allows a Journal recipient to be either a mailbox or contact. By using a contact with an email address that is part of a non-existent domain, you can create a send connector that uses SMTP to deliver journaled mail to the Barracuda Cloud Archiving Service. Use the steps in this article to configure Envelope Journaling.

Use the examples included in this article to simplify troubleshooting. Note that you can cut and paste the shell commands directly from this article.

Option 1. Configure Journaling via Script

  1. Go to the Mail Sources > SMTP Journaling page.
  2. Go to Journaling Setup Scripts > Exchange 2013 or newer - Standard Journaling.
  3. Click Show Script to copy the script to your clipboard, or click Download to save the PowerShell script to your local system.
  4. Open Exchange PowerShell, and run the script to configure Microsoft Exchange Server 2013+ to journal mail to the Barracuda Cloud Archiving Service.

Option 2. Manually Configure Journaling

 Step 1. Create Mail Contact

The Mail Contact is the account that is to act as a "holding location" for journaled messages. The email address associated with this account is the designated recipient.

  1. Log in to the Barracuda Cloud Archiving Service, and copy your journaling address from the Mail Sources > SMTP Journaling page:
  2. Log in to the Exchange Admin Center (EAC), and in the left pane, click recipients > contacts.
  3. Click the + symbol, and click Mail contact.
  4. In the new mail contact window, enter Journaling in the First name field, and Contact in the Last name field. The Display name field automatically populates.
  5. Enter JournalingContact in the Alias field (no spaces), and paste the journaling address copied from the Mail Sources > SMTP Journaling page into the External email address field:
    newMailContact.png
  6. Click Save.

 

Remote Domain
In previous versions of Exchange Server, the Exchange Management Console (EMC) was used to create a Remote Domain; in Exchange Server 2013+ the ECP/EAC has no analogous functionality so you must use PowerShell to create the Remote Domain.

Step 2. Configure Journaling

Use your region-specific MAS hostname, for example: mas.barracudanetworks.com
See Data Centers by Region for a list of region-specific MAS hostnames.

  1. Log into your Exchange Server and open the Exchange Management Shell
  2. Execute the following command to create the remote domain; this command ensures TNEF encoding is disabled, where mas.barracudanetworks.com represents the domain in your journaling address, for example: 
    New-RemoteDomain -DomainName mas.barracudanetworks.com -Name "Cloud Archiver Domain" 
  3. Next, execute the following command to enable auto-forwarding:
    Get-RemoteDomain | Where {$_.DomainName -eq "mas.barracudanetworks.com"} | Set-RemoteDomain -TNEFEnabled $false -AutoForwardEnabled $true
  4. Enter the following command to verify the settings:
    Get-RemoteDomain | Where {$_.DomainName -eq "mas.barracudanetworks.com"} |Format-table Name, DomainName, TNEFEnabled, AutoForwardEnabled

To route journaled mail that is sent to the contact to the Barracuda Cloud Archiving Service, use the following steps to create a Send Connector for the Remote Domain:

  1. Log into the EAC and click mail flow in the left pane, select send connectors at the top of the page, and then click the + symbol to create a new send connector:
    send_connector.jpg
  2. In the Name field, enter a name for the connector, and in the Type section, select Custom:
    new_send_connector.jpg
  3. Click next. In the Network settings page, select MX record associated with recipient domain:
    image2016-6-13 12:25:47.png
  4. Click next. In the Smart host authentication page, because authentication is not used on the smart host connection to the Barracuda Cloud Archiving Service, no changes are necessary; click next:
    authentication.jpg
  5. In the Address space section, click the + symbol:
    address_space.jpg
  6. In the Address Space page, enter the domain portion of your journaling address:
    2013-4h-address-space.png
  7. The domain is added to the Address space list:
    2013-4i-send-connector.png
  8. Click next. In the Source server section, click the + symbol:
    source_server.jpg
  9. Verify all of the appropriate Exchange Servers are listed; click add to add additional servers:
    select_server.png
  10. Click OK. In the Source server page, the selected servers display:
    finish.jpg
  11. Click finish. The new send connector displays as Enabled in the send connectors list:
    enabled.jpg
  12. Click the Edit icon to edit the Send Connector properties. From the Maximum send message size (MB) drop-down list, select unlimited, and then click save:
    edit_connector.jpg

Step 3. Set Up Mailbox Database Journaling

Use the following steps to set up mailbox database journaling:

 You must complete all of the steps in this section for each Exchange Email Database.

  1. Log into the EAC and click servers in the left pane, select database at the top of the page, and then click the Edit (EditIcon.png) icon to edit the database properties:
    edit_db.jpg
  2. In the Properties page, click maintenance in the left pane:
    mailbox_db_properties.jpg
  3. In the maintenance page, click browse following the Journal recipient field:
    browse_to_recipient.jpg
  4. Navigate to and select the destination location for journaled messages:
    SelectRecipientMailbox_cloud.jpg
  5. Click ok to select the journal message recipient. The recipient displays in the maintenance page:
    journal_contact.jpg
  6. Click save to save your settings.

 

Once you complete Option 1 or Option 2, the configuration is complete and journaled mail is forwarded to the Barracuda Cloud Archiving Service. Log in and go to the Basic > Search page in the web interface to verify that new mail is being processed. Note that it may take up to 30 minutes before journaled mail is available in the search results.

Barracuda Networks recommends hiding the Journal Contact–as well as any mailbox set up for undeliverable journal reports–from the GAL so that mail is not sent directly to these accounts.

CONFIGURE ENVELOPE JOURNALING FOR MICROSOFT EXCHANGE SERVER 2013 AND NEWER- PREMIUM

 

Excluding Health Monitor Alerts

By default, Health Monitor Alerts are automatically journaled in Exchange 2013. To exclude these alerts from journaling, refer to the Microsoft support article Managed Availability messages are journaled in Exchange Server 2013.

Use the examples included in this article to simplify troubleshooting.

Option 1. Configure Journaling via Script

  1. Go to the Mail Sources > SMTP Journaling page.
  2. Go to Journaling Setup Scripts > Exchange 2013 or newer - Premium Journaling.
  3. Click Show Script to copy the script to your clipboard, or click Download to save the PowerShell script to your local system.
  4. Open Exchange PowerShell, and run the script to configure Microsoft Exchange Server 2013+ to journal mail to the Barracuda Cloud Archiving Service.

Option 2. Manually Configure Journaling

Use the following steps to manually create a remote domain from the Exchange Management PowerShell.

Before Proceeding, verify you have your journaling address from the Mail Sources > SMTP Journaling page in the Barracuda Cloud Archiving Service web interface.

 

Use your region-specific MAS hostname, for example: mas.barracudanetworks.com
See Data Centers by Region for a list of region-specific MAS hostnames.

  1. Log in to the Exchange Server, and click Exchange Management Shell. 
  2. Execute the following command to create the remote domain; this command ensures TNEF encoding is disabled and auto-forwarding is enabled, where mas.barracudanetworks.com represents the domain in your journaling address:
    New-RemoteDomain -DomainName mas.barracudanetworks.com -Name "Cloud Archiver Domain" 
    Get-RemoteDomain | Where {$_.DomainName -eq " mas.barracudanetworks.com "} | Set-RemoteDomain -TNEFEnabled $false -AutoForwardEnabled $true
  3. Enter the following command to verify the settings:
    Get-RemoteDomain | Where {$_.DomainName -eq " mas.barracudanetworks.com "} |Format-table Name, DomainName, TNEFEnabled, AutoForwardEnabled

This command ensures TNEF encoding is disabled and auto-forwarding is enabled. Barracuda recommends disabling TNEF encoding. Auto-forwarding is enabled to allow mail for the contact to be forwarded to the Barracuda Cloud Archiving Service.

Create Alternate Email Address for NDR Delivery

  1. In the EAC, click recipients in the left pane, select mailboxes at the top of the page, and then click the + symbol to create an alternate journaling mailbox:
    mailboxes.jpg

  2. In the new user mailbox page, enter details for the alternate journaling mailbox:
    journal_ndr.jpg
  3. Click save. The new mailbox displays in the mailboxes list:
    journal_ndr2.jpg

 

Hide Alternate Contact from GAL
Barracuda Networks recommends hiding the alternate mail contact from the GAL; to do so, with the new mailbox still selected, click the Edit (edit_icon.jpg) icon. In the general page, turn on Hide from address lists:

hide.jpg

Create Send Connector for the Remote Domain

To route journaled mail that is sent to the contact to the Barracuda Cloud Archiving Service, use the following steps to create a Send Connector for the Remote Domain:

  1. Open the EAC, click mail flow in the left pane, select send connectors at the top of the page, and click the + symbol to create a new send connector:
    send_connector.jpg
  2. In the Name field, enter a name for the connector, and in the Type section, select Custom:
    new_send_connector.jpg
  3. Click next. In the Network settings page, select MX record associated with recipient domain:
    image2016-6-13 12:13:50.png
  4. Click next. In the Smart host authentication page, because authentication is not used on the smart host connection to the Barracuda Cloud Archiving Service, no changes are necessary; click next:
    authentication.jpg
  5. In the Address space section, click the + symbol:
    address_space.jpg
  6. In the Address Space page, enter the domain portion of your journaling address:
    add_domain_cloud.jpg
  7. The domain is added to the Address space list:
    verify_address_space_cloud.jpg
  8. Click next. In the Source server section, click the + symbol:
    source_server.jpg
  9. Verify all of the Exchange Servers that are in the CAS role are listed; click add to add additional servers:
    select_server.png
  10. Click OK. In the Source server page, the selected servers display:
    finish.jpg
  11. Click finish. The new send connector displays as enabled in the send connectors list:
    enabled.jpg
  12. Click the Edit (edit_icon.jpg) icon to edit the Send Connector properties. From the Maximum send message size (MB) drop-down list, select unlimited:
    edit_connector.jpg
  13. Click save. 

Create Journal Rule

Use the following steps to set up a journal rule:

  1. Log into the EAC and click compliance management in the left pane, select journal rules at the top of the page, and then click the + symbol:
    journal_rule01.jpg 
  2. In the new journal rule page, enter the following details:
    1. Enter a name for the journal rule.
    2. From the If the message is sent or received from list, select Apply to all messages.
    3. From the Journal the following messages list, select All messages.
    4. In the Send Journal Reports field, enter the SMTP address provided under Mail Sources > SMTP Journaling in the Cloud Archiving Service:
      2013Premium5bJournalRule.png
  3. Click save. If the warning message Do you want this rule to apply to all future messages displays, click yes:
    warning02.jpg
  4. The journal rule check box displays selected in the journal rules page:
    2013Premium5dJournalRules.png
  5. In the Send undeliverable journal reports to section, click Select address:
    select_address.jpg
  6. In the non-delivery reports window, click browse:
    non_delivery.jpg
  7. Browse to and select the alternate mailbox created:
    journal_ndr3_cloud.jpg
  8. Click OK. Verify your selection, and then click save:
    non_delivery02.jpg
  9. The address displays in the Send undeliverable journal reports to section:
    journal_ndr4.jpg  

Once you complete Option 1 or Option 2, the configuration is now complete and journaled mail is forwarded to the  Barracuda Cloud Archiving Service.  

Log in and go to the Basic > Search page in the web interface to verify that new mail is being processed. Note that it may take up to 30 minutes before journaled mail is available in the search results.

CONFIGURE ENVELOPE JOURNALING FOR MICROSOFT EXCHANGE SERVER 2007 AND 2010

Depending on your Client Access Licenses (CALs), you may need to apply these rules at the mail server level rather than the hub transport level. For more information, see the Microsoft TechNet article Overview of Compliance Features.

Once the Barracuda Cloud Archiving Service is configured to receive SMTP traffic, you must complete the following from the Exchange Management Console (EMC) of each Exchange Server that will be journaling directly into the Barracuda Cloud Archiving Service:

  • From Recipient Configuration – Create a Mail Contact that is to act as the recipient of all journaled messages.
  • From Organization Configuration > Hub Transport – Create the following items:
    • a (non-routable) Remote Domain, to act as the recipient domain for journaled traffic
    • a Send Connector, for routing journaled messages
    • a Journaling Rule to actually enable journaling on your Exchange Server

Step 1. Create Remote Domain

Before Proceeding, verify you have your journaling address from the Mail Sources > SMTP Journaling page in the Barracuda Cloud Archiving Service web interface.

The Remote Domain must match the Mail Contact that is the recipient of journaled messages as it is used by the Exchange Server for routing all SMTP Journal traffic. Use the following steps to create a remote domain:

  1. Open the EMC, expand Organization Configuration, select Hub Transport, and click the Remote Domains tab in the center pane.
  2. In the Actions panel in the right pane, click New Remote Domain. The New Remote Domain dialog displays.
  3. In the Name field, type BCAS, and in the Domain name field, type your region-specific MAS hostname, for example: mas.barracudanetworks.com

    See Data Centers by Region for a list of region-specific MAS hostnames.

     
    CreateRemoteDomain.png

  4. Click New to verify the domain settings, and click Finish to save your settings. The newly created domain displays in the Remote Domains list.
  5. Double-click on the newly created domain to open the Properties dialog for the newly created domain, and:
    • In Exchange 2007, select Format of original message sent as attachment to the journal report.
    • In Exchange 2010, select the Message Format tab in the Properties dialog box.
  6. Select the following options to ensure journal messages sent to this domain are MIME Plain Text format (rather than the unsupported Exchange Rich Text format):
    • In the Message Format Options section, turn on Allow automatic forward.
    • In the Exchange rich-text format section, select Never Use:
      bmaproperties.png

      Verify that only Never use and Allow automatic forward are selected in the dialog box.

  7. Click Apply to save your settings, and click OK to close the Properties dialog.

Step 2. Create Mail Contact

The Mail Contact is the account that is to act as a "holding location" for journaled messages. The email address associated with this account is the designated recipient. Use the following steps to create a Mail Contact:

  1. In the EMC, expand Recipient Configuration, select Mail Contact, and in the Actions panel, click New Mail Contact:
    newmailcontact.png 
  2. In the dialog, select New Contact, and click Next.
  3. Enter a First name and Last name; the Name field automatically populates based on the entered values. Enter an Alias:
    newmailcontact2.png
  4. Click Edit to the right of the External e-mail address field, and in the SMTP Address dialog, enter the journaling address from the Mail Sources > SMTP Journaling page in the Barracuda Cloud Archiving Service web interface:
    2007-mail-contact-4-journaling-address.png

  5. Click OK to close the dialog box. In the Wizard, click Next to verify the information:
    newmailcontact3.png
  6.  Click New to create the Mail Contact. The newly-created contact appears in the Mail Contact list. Click Finish to close the Wizard.

Step 3. Create Send Connector

  1. In the EMC, expand Organization Configuration, select Hub Transport, and select the Send Connector tab. In the Actions panel, and click New Send Connector. The New Send Connector dialog displays. Enter a Name to identify this send connector.
  2. From the Select the intended use for this Send connector menu, select Custom, and click Next.
  3. In the Address Space section, click Add; the SMTP Address Space dialog box displays.
  4. In the Address space field, type your region-specific MAS hostname, for example: mas.barracudanetworks.com

    See Data Centers by Region for a list of region-specific MAS hostnames.

    smtpaddressspace.png

  5. Click OK. The SMTP connector is added:
    SendConnector02.png
  6. Click Next. Select the default setting Use domain name system (DNS) "MX" records to route mail automatically:
    UseDefault.png
  7. Click Next. In the Source Server page, if your Exchange server is not already listed, click Add to search for and add the server to this list. Click Next to verify your configuration, and click New to create the Send Connector. Click Finish to return to the   Send Connectors tab; the newly-created Send Connector displays in the list.
  8. Right-click on the new Send Connector, and click Properties.
  9. In the Properties dialog box, clear Maximum message size (KB):
    send_connector_properties.png
  10.  Click Apply, and then click OK to save your changes and close the dialog box.

Step 4. Create Journaling Rule

Both the Standard and Enterprise versions of Microsoft Exchange Server 2007 and 2010 support Standard and Premium Journaling. Open the EMC, and complete the following steps to add a journaling rule:

  1. In the EMC, expand Organization Configuration, select Hub Transport, and select the Journal Rules tab.
  2. In the Actions panel, click New Journal Rule; the New Journal Rule dialog displays.
  3. Enter a Rule name, and for the Send Journal reports to e-mail address, click Browse and navigate to and select the mail contact you created in Step 2:
    2007-journaling-rule-3.png
  4. Select the Scope for archiving; the recommended setting is Global - all messages for the most complete coverage.
  5. Turn on Enable Rule, click New to create the Journaling rule, and click Finish to return to the Journal Rules tab where the newly-created rule displays in the list.

Last updated on